Business networks are changing rapidly, causing new threats to emerge and creating unknown risks, so it’s crucial to secure network devices and control perimeter access.
What is Network Access Control (NAC)?
A network access control system detects all devices on the network and provides visibility into those devices. NAC systems allow organisations to set specific access policies, and can determine exactly how users navigate the network and which resources they can access. The software prevents unauthorised users from entering the network and reduces the risk of unauthorised access, data breaches and the spread of malware or other malicious activity. It also enforces policies on endpoints to ensure devices comply with network security policies.
Use of NAC systems is increasing rapidly, driven by the growth in BYOD and IoT devices and by the integration of NAC technology into mobile device management, next-generation firewalls and threat detection products.
The primary users of NAC are larger enterprise organisations, due to their greater number of employees and the need to grant access to contractors, visitors and third-party suppliers. However, there is also an increase in demand in the SME market, largely driven by reports of breaches and the potential reputational and financial damage that cyberattacks can cause.
NAC is a fairly complex product, so it can be hard for managed service providers to articulate the benefits. Securus is a NAC specialist with many years’ experience in delivering network security solutions, and we are here to help.
Here are some of the reasons to adopt a NAC solution:
BYOD and IoT threats
NAC technology is important to many IT departments because it allows mobile devices to be handled securely as demand for BYOD (Bring Your Own Device) and IoT (Internet of Things) increases. As the line between personal and professional time blurs, end users are demanding to use not just company-owned devices, such as smartphones, tablets and laptops, but also personal devices for business.
Mobile devices are increasingly being targeted by criminals, and apps containing malware have become a popular attack vector. Personal devices generally do not have enterprise-level MDM (Mobile Device Management) and anti-virus products installed. Users quite commonly install apps that appear to be genuine but may actually perform actions that compromise the security of the device, which could lead to threats or ransomware infections. The more devices that connect, the greater the risk of the network becoming compromised.
By controlling and monitoring access to the network, NAC reduces the attack risk by limiting the number of potential entry points for attackers, making it more difficult for threats to infiltrate the network.
Delivering network access on a granular level
Any device that connects to the network has to be authorised, giving organisations full control over their remote estate. One of the major advantages of a NAC solution is its ability to deliver network access on a granular basis. It can be integrated with Active Directory controls to provide network access only to areas of the network that allow the particular owner of the device to perform their job role.
Network configurations are generally quite static. You typically assign each port a specific function, and IT has to physically log in to make any changes. NAC enables IT to identify the specific device, then move the profile from point A to point B so employees can continue working seamlessly, on a fully secure device.
When computers and laptops are moved around, the IT team doesn’t have to spend hours or days unpicking it all, which frees up their time, yet still allows them full control of the network.
If you choose to implement NAC, ensure it integrates with existing IT security systems, for example, your MDM or SIEM (Security Information and Event Management) products. This will save the additional overhead of managing different IT security systems on separate platforms.
Advanced Persistent Threats (APTs)
NAC solutions can detect and respond to security threats in real time. Although a NAC solution will not directly detect and prevent APTs, it can stop the source of the threat from connecting to the network.
NAC enforces network access policies, such as requiring up-to-date antivirus software, enabling firewalls and applying security patches. If a device behaves suspiciously or violates security policies, it can be quarantined or given limited network access until it’s compliant, or even disconnected from the network to prevent further harm.
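The posture checks described above, combined with the role-based access from the earlier section on granular network access, can be sketched as a single decision function. This is an added example, not FortiNAC code or configuration; the thresholds, VLAN numbers, group names and sample devices are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Hypothetical policy values and segment numbers (assumptions for this example).
MAX_AV_AGE_DAYS = 7
MAX_PATCH_AGE_DAYS = 30
QUARANTINE_VLAN = 999
ROLE_VLANS = {"Finance": 110, "Engineering": 120, "Contractors": 130}

@dataclass
class Device:
    mac: str
    owner_groups: List[str]      # directory groups of the device owner
    av_updated: Optional[date]   # None = no antivirus reported
    firewall_on: bool
    last_patched: Optional[date]
    suspicious: bool = False     # set by a detection integration, e.g. a SIEM alert

def _stale(when: Optional[date], today: date, max_days: int) -> bool:
    return when is None or (today - when).days > max_days

def decide(dev: Device, today: date):
    """Return (action, vlan, reasons) for one connecting device."""
    if dev.suspicious:
        return ("disconnect", None, ["suspicious behaviour reported"])
    reasons = []
    if _stale(dev.av_updated, today, MAX_AV_AGE_DAYS):
        reasons.append("antivirus missing or out of date")
    if not dev.firewall_on:
        reasons.append("host firewall disabled")
    if _stale(dev.last_patched, today, MAX_PATCH_AGE_DAYS):
        reasons.append("security patches overdue")
    if reasons:  # non-compliant: restricted segment until remediated
        return ("quarantine", QUARANTINE_VLAN, reasons)
    for group in dev.owner_groups:  # compliant: segment follows the owner's role
        if group in ROLE_VLANS:
            return ("allow", ROLE_VLANS[group], [])
    return ("deny", None, ["owner has no group mapped to a segment"])  # default deny

# Constructed sample devices (not real data).
TODAY = date(2024, 6, 1)
SAMPLES = [
    Device("aa:bb:cc:00:00:01", ["Finance"], date(2024, 5, 30), True, date(2024, 5, 20)),
    Device("aa:bb:cc:00:00:02", ["Engineering"], None, False, date(2024, 1, 5)),
    Device("aa:bb:cc:00:00:03", ["Visitors"], date(2024, 5, 31), True, date(2024, 5, 25)),
    Device("aa:bb:cc:00:00:04", ["Finance"], date(2024, 5, 31), True, date(2024, 5, 25), True),
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d.mac, decide(d, TODAY))
```

The reasons list is what an operator or a SIEM event would need in order to see why a device landed in the quarantine segment.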
The call centre environment
If an organisation has strict security processes in a call or contact centre environment, NAC enables it to change the group membership of the user in Active Directory, which then changes their network configuration, giving them access to information associated with that particular customer.
Switches were historically configured by IT, which could be time-consuming and laborious. Now it can all be done from one location, knowing that the necessary segregation is in place, and the agent can easily switch their profile over to a new customer. The organisation’s firewall is integrated with Active Directory, so if the agents are not connected to the right group at the right time, they can’t obtain internet access, keeping security at the forefront of their strategy.
Managing network sharing permissions in a large network can be a huge burden on IT resources, inevitably leading to excessive network permissions. Being able to manage this centrally through a NAC system can allow greater control and flexibility for delivering access to shared folders.
NAC helps organisations meet regulatory compliance requirements, such as those outlined in HIPAA, GDPR, or PCI DSS. It ensures that only authorised personnel with the necessary security measures in place can access sensitive data.
NAC solutions are scalable and can adapt to the changing needs of an organisation. As the network grows or evolves, NAC can continue to enforce access control policies effectively. NAC products are often sold on a per-endpoint basis. Organisations will therefore need to consider the cost of adding more endpoint licences as their infrastructure expands. For example, if an organisation with 1,000 endpoints purchases a NAC product and then expands to 3,000 endpoints, the cost of the NAC product will increase as well.
Fortinet NAC solution
FortiNAC provides protection against IoT threats, extends control to third-party network devices and orchestrates automatic response to a wide range of network events. It is a natural extension of ‘zero trust’: by default, nothing’s trusted. FortiNAC has a wide range of powerful features that make managing network access easier and quicker.
When Securus is the incumbent WAN provider, the NAC implementation – FortiNAC from Fortinet – is a natural extension of the network solution.
Key FortiNAC benefits
- Scans the network to detect and classify devices through automated methods
- Creates a comprehensive inventory of all devices on the network and facilitates user network access orchestration
- Evaluates the risk of every endpoint on the network, giving the option to restrict guest network access
- Centralises architecture to simplify deployment and management
- Allows resource access management and enables user segmentation based on roles
- Helps to detect suspicious activity and supports incident response automation
- Contributes to regulatory compliance
- Supports third-party network devices to ensure compatibility with the existing infrastructure, automates the onboarding process, enforces dynamic network access control and provides event reporting to SIEM with detailed contextual data to reduce investigation time
- Runs reports quickly and easily, showing important information such as staff movement and time-keeping
Considerations before deploying a NAC solution
Choosing to implement a NAC solution can drastically improve an organisation’s network security posture by allowing for greater control over what devices are accessing the network, and what they are granted access to.
Consider whether the main benefits of NAC are worth the investment to your organisation. Take into account that implementing NAC not only requires upfront expenditure but also entails ongoing investment in the form of additional licences, training, monitoring and interpretation of alerts, then responding to them in a timely manner.
Network Access Control is important for maintaining the security, compliance and integrity of your organisation’s network. For organisations that are serious about network security, NAC delivers visibility, control and enforcement capabilities for everything that connects to the network. The larger the company, the more devices will connect to the network, so the more useful the network access control products will be.
Call the NAC experts at Securus on 03451 283457 to find out more.